As enterprises expand their use of multicloud and hybrid environments to implement solutions, cloud providers constantly seek to make their services more effective and more efficient for those enterprises. Despite their continued efforts, however, cloud deployments continue to be a minefield of incompatibilities that hinder best practices and require perpetual remediation by developers.


For security professionals, these issues can be particularly problematic. Despite efforts to integrate applications on cloud platforms, they still find it difficult or impossible to establish true end-to-end visibility of their ecosystems and set up reliable governance protocols and high-confidence automation.


For example, one very popular cloud platform, Amazon Web Services, now provides a native “Certificate Manager” (ACM) to help security professionals provision and implement security certificates for their deployments, but it still suffers from numerous limitations that undermine its usefulness and leave developers pulling their hair out. In fact, many of Ntrinsec’s newest users adopt Ntrinsec after discovering its effectiveness while searching for answers to their problems with ACM.


Let’s look at some common complaints about ACM, and how Ntrinsec’s groundbreaking solution can solve all of them – almost immediately.




The Amazon Certificate Manager is intended to easily provide SSL/TLS certificates as needed or to integrate private certificates, and to display all known certificates on a central console. While it sounds like a great idea on paper, in practice it still has many shortcomings that leave enterprise security managers with limited ecosystem visibility and a lot of manual steps to manage. Common complaints about ACM include:

  •   Incomplete knowledge of certificates. The ACM central console does provide a list of known certificates, as well as some basic information about them. But a lot of valuable information is not easily understood from the console, nor can the console identify how each certificate is used. Knowing where each certificate is being used in an infrastructure is critical information, but the ACM console cannot provide it.
  •   Inability to automate certificate renewal. The ACM console provides information about when certificates are due to expire, but the process cannot be automated, making renewal a time-consuming process prone to manual errors.
  •   Inability to automatically place certificates with their associated processes. When a certificate is created, imported, or renewed, it cannot automatically be placed in the correct location for automatic use by its associated process, such as a load balancer service or self-created load balancer. This again results in more time-consuming manual work and a risk of errors.
  •   Inability to automate revocation. Revoking unnecessary certificates is a critical aspect of security practices, yet it is impossible to automate with ACM.
  •   Inability to see and secure the last mile. This is particularly true if the deployment uses custom computing instances based on NGINX or other solutions, which are often needed due to the currently limited number of deployment scenarios available within AWS.




Ntrinsec’s discovery methodology and central console overcome all of ACM’s limitations in one fell swoop – enabling full, continuous end-to-end visibility and the highest-confidence automation for any AWS deployment by:

  •   Showing you all of your certificates and providing every detail about them, including exactly where they are being used in your infrastructure.
  •   Enabling automatic certificate renewal, so you can eliminate any cumbersome and error-prone manual monitoring and renewal requirements.
  •   Automatically placing certificates with their associated processes when they are created, imported, or renewed.
  •   Rotating the keys for all your certificates automatically, on a schedule or in response to a potential breach.
  •   Automating revocation, a best-practice process to eliminate vulnerabilities based on old certificates and keys.
  •   Securing your last mile. Even if you use custom instances based on NGINX or other solutions to complete your AWS deployment, Ntrinsec can provide full visibility of those instances where AWS cannot.




So far, we have focused on the limitations of ACM as an example of the power of Ntrinsec’s solution, but simply addressing complaints about ACM is not Ntrinsec’s true purpose. Ntrinsec is designed to address the end-to-end security issues of your entire enterprise ecosystem, across whatever internal and cloud environments it encompasses.


Using a method of system process classification, CSP APIs and log analytics, Ntrinsec is not hindered by the usual “incompatibility roadblocks.” It can see inside any and all of your “software silos” and give you complete visibility and control of your security environment from its single-pane-of-glass console.

So, whether you use AWS, Google Cloud, Azure, or any other cloud provider or combination of cloud providers, Ntrinsec can discover all of it and provide full visibility and automation across your entire ecosystem.


Ntrinsec’s solution is also future-proof. As cloud and microservices providers continue to evolve, new compatibility issues will arise that will require new remediation methods. But because Ntrinsec’s technology is not limited by compatibility, its users can expect to maintain full visibility across their multicloud ecosystem without any extra effort on their part for the foreseeable future.




The Amazon Certificate Manager is a step towards helping security professionals maintain their AWS environment, but they still have a lot of complaints about it. Ntrinsec can solve all those complaints – and many more – quickly and completely with its groundbreaking discovery and automation methods.
